Hi, I have a File Server as Domain Member and it was working properly. Recently I changed my DCs and after I am not getting authenticate users with winbind. I'm using Samba 4.6.3 as DC and Samba 4.1.17 as File Server. When I restart Samba Service, this message appears: root at dc1:/root# /etc/init.d/samba4 status ● samba4.service - LSB: start Samba4 daemons Loaded: loaded (/etc/init.d/samba4) Active: active (running) since Ter 2017-06-13 00:27:08 -03; 22min ago Process: 587 ExecStop=/etc/init.d/samba4 stop (code=exited, status=0/SUCCESS) Process: 596 ExecStart=/etc/init.d/samba4 start (code=exited, status=0/SUCCESS) CGroup: /system.slice/samba4.service ├─601 /usr/local/samba/sbin/samba -D ├─626 /usr/local/samba/sbin/samba -D ├─627 /usr/local/samba/sbin/samba -D ├─628 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground ├─629 /usr/local/samba/sbin/samba -D ├─630 /usr/local/samba/sbin/samba -D ├─631 /usr/local/samba/sbin/samba -D ├─632 /usr/local/samba/sbin/samba -D ├─633 /usr/local/samba/sbin/samba -D ├─634 /usr/local/samba/sbin/samba -D ├─635 /usr/local/samba/sbin/samba -D ├─636 /usr/local/samba/sbin/samba -D ├─637 /usr/local/samba/sbin/samba -D ├─638 /usr/local/samba/sbin/samba -D ├─639 /usr/local/samba/sbin/samba -D ├─640 /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground ├─643 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground ├─644 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground ├─645 /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground ├─647 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground ├─674 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground ├─675 /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground ├─677 /usr/local/samba/sbin/samba -D ├─751 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground └─753 /usr/local/samba/sbin/samba -D Jun 13 00:27:08 dc1 samba[601]: [2017/06/13 00:27:08.916883, 0] ../source4/smbd/server.c:487(binary_smbd_main) Jun 13 00:27:08 dc1 samba[601]: samba: using 'standard' process model Jun 13 00:27:08 dc1 samba[601]: [2017/06/13 00:27:08.932572, 0] ../lib/util/become_daemon.c:124(daemon_ready) Jun 13 00:27:08 dc1 samba[601]: STATUS=daemon 'samba' finished starting up and ready to serve connections Jun 13 00:27:08 dc1 winbindd[640]: [2017/06/13 00:27:08.995026, 0] ../source3/winbindd/winbindd_cache.c:3171(initialize_winbindd_cache) Jun 13 00:27:08 dc1 winbindd[640]: initialize_winbindd_cache: clearing cache and re-creating with version number 2 Jun 13 00:27:09 dc1 winbindd[640]: [2017/06/13 00:27:09.356050, 0] ../lib/util/become_daemon.c:124(daemon_ready) Jun 13 00:27:09 dc1 winbindd[640]: STATUS=daemon 'winbindd' finished starting up and ready to serve connections Jun 13 00:27:09 dc1 smbd[628]: [2017/06/13 00:27:09.396000, 0] ../lib/util/become_daemon.c:124(daemon_ready) Jun 13 00:27:09 dc1 smbd[628]: STATUS=daemon 'smbd' finished starting up and ready to serve connections Is it a problem? Regards, Márcio Bacci
On Tue, 13 Jun 2017 01:11:04 -0300 Marcio Demetrio Bacci via samba <samba at lists.samba.org> wrote:> Hi, > > I have a File Server as Domain Member and it was working properly. > > Recently I changed my DCs and after I am not getting authenticate > users with winbind. > > I'm using Samba 4.6.3 as DC and Samba 4.1.17 as File Server. > > When I restart Samba Service, this message appears: > > root at dc1:/root# /etc/init.d/samba4 status > ● samba4.service - LSB: start Samba4 daemons > Loaded: loaded (/etc/init.d/samba4) > Active: active (running) since Ter 2017-06-13 00:27:08 -03; 22min > ago Process: 587 ExecStop=/etc/init.d/samba4 stop (code=exited, > status=0/SUCCESS) > Process: 596 ExecStart=/etc/init.d/samba4 start (code=exited, > status=0/SUCCESS) > CGroup: /system.slice/samba4.service > ├─601 /usr/local/samba/sbin/samba -D > ├─626 /usr/local/samba/sbin/samba -D > ├─627 /usr/local/samba/sbin/samba -D > ├─628 /usr/local/samba/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > ├─629 /usr/local/samba/sbin/samba -D > ├─630 /usr/local/samba/sbin/samba -D > ├─631 /usr/local/samba/sbin/samba -D > ├─632 /usr/local/samba/sbin/samba -D > ├─633 /usr/local/samba/sbin/samba -D > ├─634 /usr/local/samba/sbin/samba -D > ├─635 /usr/local/samba/sbin/samba -D > ├─636 /usr/local/samba/sbin/samba -D > ├─637 /usr/local/samba/sbin/samba -D > ├─638 /usr/local/samba/sbin/samba -D > ├─639 /usr/local/samba/sbin/samba -D > ├─640 /usr/local/samba/sbin/winbindd -D --option=server > role check:inhibit=yes --foreground > ├─643 /usr/local/samba/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > ├─644 /usr/local/samba/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > ├─645 /usr/local/samba/sbin/winbindd -D --option=server > role check:inhibit=yes --foreground > ├─647 /usr/local/samba/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > ├─674 /usr/local/samba/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > ├─675 /usr/local/samba/sbin/winbindd -D --option=server > role check:inhibit=yes --foreground > ├─677 /usr/local/samba/sbin/samba -D > ├─751 /usr/local/samba/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > └─753 /usr/local/samba/sbin/samba -D > > Jun 13 00:27:08 dc1 samba[601]: [2017/06/13 00:27:08.916883, 0] > ../source4/smbd/server.c:487(binary_smbd_main) > Jun 13 00:27:08 dc1 samba[601]: samba: using 'standard' process model > Jun 13 00:27:08 dc1 samba[601]: [2017/06/13 00:27:08.932572, 0] > ../lib/util/become_daemon.c:124(daemon_ready) > Jun 13 00:27:08 dc1 samba[601]: STATUS=daemon 'samba' finished > starting up and ready to serve connections > Jun 13 00:27:08 dc1 winbindd[640]: [2017/06/13 00:27:08.995026, 0] > ../source3/winbindd/winbindd_cache.c:3171(initialize_winbindd_cache) > Jun 13 00:27:08 dc1 winbindd[640]: initialize_winbindd_cache: clearing > cache and re-creating with version number 2 > Jun 13 00:27:09 dc1 winbindd[640]: [2017/06/13 00:27:09.356050, 0] > ../lib/util/become_daemon.c:124(daemon_ready) > Jun 13 00:27:09 dc1 winbindd[640]: STATUS=daemon 'winbindd' finished > starting up and ready to serve connections > Jun 13 00:27:09 dc1 smbd[628]: [2017/06/13 00:27:09.396000, 0] > ../lib/util/become_daemon.c:124(daemon_ready) > Jun 13 00:27:09 dc1 smbd[628]: STATUS=daemon 'smbd' finished starting > up and ready to serve connections > > Is it a problem? > > Regards, > > Márcio BacciThere doesn't appear to be anything wrong, so where are not get users authenticated, on the DC, or on the fileserver, or both ? Can you post the smb.conf files from both machines. Rowland
On Tue, 13 Jun 2017 17:00:10 -0300 Marcio Demetrio Bacci <marciobacci at gmail.com> wrote:> Hi, > > When I run the command line *wbinfo -a user* I get the following > result: > > root at filserver:~# wbinfo -a mane > Enter mane's password: > plaintext password authentication succeeded > Enter mane's password: > challenge/response password authentication failed > error code was NT_STATUS_WRONG_PASSWORD (0xc000006a) > error message was: Wrong Password > Could not authenticate user mane with challenge/response > > However the password is correct. > > File server users can not access SMB shares. > > This is my smb.conf and nsswitch of the File Server: > > ########################################################## > [global] > netbios name = fileserver > workgroup = EMPRESA > security = ads > realm = EMPRESA.COM.BR > encrypt passwords = yes > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab > preferred master = no > idmap config *:backend = tdb > idmap config *:range = 1000-3000 > idmap config EMPRESA:backend = ad > idmap config EMPRESA:schema_mode = rfc2307 > idmap config EMPRESA:range = 10000-9999999 > > winbind nss info = rfc2307 > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > winbind refresh tickets = yes > > vfs objects = acl_xattr > map acl inherit = Yes > store dos attributes = Yes > username map = /etc/samba/user.map >What OS is this ? Is there anything like an auth.log on the DC ? If so, is there anything in it ? Rowland
Apparently Analagous Threads
- DNS Update Failed
- Migrating to Samba 4.9.4 AD, kinit administrator -> kinit: Cannot contact any KDC for realm...
- Problems joining Samba 4 in the domain
- Migrating to Samba 4.9.4 AD, kinit administrator -> kinit: Cannot contact any KDC for realm...
- DNS Update Failed